Modern computer systems place a high importance on the security of user access to system resources and on maintaining current and accurate policies for the permissions of computer system users to access those system resources. Resource owners, and other administrators of resources, often use such access control policies to control access by computer system users to computing resources in order to support the business needs of the resource owners, administrators, and users. In a computer system where many users may have several assigned roles, permissions, or policies associated with and relating to many different computing resources, maintaining user roles, permissions, or policies can grow increasingly complex, particularly as the size and/or complexity of the system or the number of computer system users increases, leading to a corresponding increase in the amount of policy usage data.
Accordingly, a resource owner may grant access to resources in order to perform one or more actions on behalf of the resource owner while simultaneously ensuring the security of resources. In order to manage user privileges, a resource owner may delegate authority to access a given resource in a multiplicity of different ways to allow varying levels of access to the resource according to resource access policies. A principal (or set of principals) that are authorized by the delegation of authority to access the given resource may be referred to herein as “authorized delegates.” Generally, in large-scale and other computing environments, changes in users, permissions, policies, or roles can make determining who has the ability to perform a given action on a resource, at a given time, a challenging problem, and keeping such access policies current and secure can present further challenges. The scope of the data that may be collected may present a further challenging problem, both with respect to storing the data and with respect to retrieving the data. Further, the goals of keeping privileges current and secure can compete with other goals. A centralized system for managing privileges can, for example, become out of date, become over-inclusive, become under-inclusive, or fail to adjust to changing system needs as the size of the data stored increases. Further, with such complex systems, it is often not clear how changes to policies can affect the systems' operation. An administrator with permissions for modifying policies, for example, can inadvertently add unneeded permissions (resulting in a corresponding decrease in security) and/or remove needed permissions (potentially causing legitimate attempts to access resources to fail and/or causing a system to malfunction).